Allow COMMENT in macro bodies

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7839 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-12-06 23:49:21 +00:00 · 2007-12-06 23:49:21 +00:00 · 832ef83da9
commit 832ef83da9
parent cf4b54e762
74 changed files with 277 additions and 7 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -16,6 +16,8 @@ Changes in 4.1.2
 8)  Add 'nomarks' OPTION to tcdevices.
 9)  Add COMMENTs to macros.
 Changes in 4.1.1
 1)  Fix ULOG/NFLOG output.
--- a/Shorewall-common/macro.AllowICMPs
+++ b/Shorewall-common/macro.AllowICMPs
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Needed ICMP types
 ACCEPT	-	-	icmp	fragmentation-needed
 ACCEPT	-	-	icmp	time-exceeded
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Amanda
+++ b/Shorewall-common/macro.Amanda
@ -10,6 +10,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Amanda
 PARAM	-	-	udp	10080
 #
 # You may also need this rule.  With AMANDA 2.4.4 on Linux kernel 2.6,
--- a/Shorewall-common/macro.Auth
+++ b/Shorewall-common/macro.Auth
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Auth
 PARAM	-	-	tcp	113
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.BitTorrent
+++ b/Shorewall-common/macro.BitTorrent
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT BitTorrent
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
--- a/Shorewall-common/macro.CVS
+++ b/Shorewall-common/macro.CVS
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT CVS
 PARAM	-	-	tcp	2401
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.DNS
+++ b/Shorewall-common/macro.DNS
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT DNS
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.DropDNSrep
+++ b/Shorewall-common/macro.DropDNSrep
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Late DNS Replies
 DROP	-	-	udp	-	53
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.DropUPnP
+++ b/Shorewall-common/macro.DropUPnP
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT UPPnP
 DROP	-	-	udp	1900
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Edonkey
+++ b/Shorewall-common/macro.Edonkey
@ -30,6 +30,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Edonkey
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.FTP
+++ b/Shorewall-common/macro.FTP
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT FTP
 PARAM	-	-	tcp	21
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Finger
+++ b/Shorewall-common/macro.Finger
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Finger
 PARAM	-	-	tcp	79
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.GRE
+++ b/Shorewall-common/macro.GRE
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT GRE
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Gnutella
+++ b/Shorewall-common/macro.Gnutella
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Gnutella
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.HTTP
+++ b/Shorewall-common/macro.HTTP
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT HTTP
 PARAM	-	-	tcp	80
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.HTTPS
+++ b/Shorewall-common/macro.HTTPS
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT HTTPS
 PARAM	-	-	tcp	443
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.ICQ
+++ b/Shorewall-common/macro.ICQ
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT ICQ
 PARAM	-	-	tcp	5190
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.IMAP
+++ b/Shorewall-common/macro.IMAP
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT IMAP
 PARAM	-	-	tcp	143
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.IMAPS
+++ b/Shorewall-common/macro.IMAPS
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT IMAPS
 PARAM	-	-	tcp	993
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.IPIP
+++ b/Shorewall-common/macro.IPIP
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT IPIP
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.IPP
+++ b/Shorewall-common/macro.IPP
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT IPP
 PARAM	-	-	tcp	631
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.IPPserver
+++ b/Shorewall-common/macro.IPPserver
@ -25,6 +25,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT IPPServer
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.IPsec
+++ b/Shorewall-common/macro.IPsec
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT IPsec
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall-common/macro.IPsecah
+++ b/Shorewall-common/macro.IPsecah
@ -9,6 +9,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT IPsecah
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall-common/macro.IPsecnat
+++ b/Shorewall-common/macro.IPsecnat
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT IPsecnat
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP
--- a/Shorewall-common/macro.JabberPlain
+++ b/Shorewall-common/macro.JabberPlain
@ -8,5 +8,8 @@
 ###############################################################################
 #TARGET	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Jabber
 PARAM	-	-	tcp	5222
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.JabberSecure
+++ b/Shorewall-common/macro.JabberSecure
@ -8,5 +8,8 @@
 ###############################################################################
 #TARGET	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT JabberSecure
 PARAM	-	-	tcp	5223
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Jabberd
+++ b/Shorewall-common/macro.Jabberd
@ -8,5 +8,8 @@
 ###############################################################################
 #TARGET	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Jabberd
 PARAM	-	-	tcp	5269
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Jetdirect
+++ b/Shorewall-common/macro.Jetdirect
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT JetDirect
 PARAM	-	-	tcp	9100
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.L2TP
+++ b/Shorewall-common/macro.L2TP
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT L2TP
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.LDAP
+++ b/Shorewall-common/macro.LDAP
@ -13,5 +13,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT LDAP
 PARAM	-	-	tcp	389
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.LDAPS
+++ b/Shorewall-common/macro.LDAPS
@ -13,5 +13,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT LDAPS
 PARAM	-	-	tcp	636
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.MySQL
+++ b/Shorewall-common/macro.MySQL
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT MySQL
 PARAM	-	-	tcp	3306
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.NNTP
+++ b/Shorewall-common/macro.NNTP
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT NNTP
 PARAM	-	-	tcp	119
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.NNTPS
+++ b/Shorewall-common/macro.NNTPS
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT NNTPS
 PARAM	-	-	tcp	563
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.NTP
+++ b/Shorewall-common/macro.NTP
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT NTP
 PARAM	-	-	udp	123
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.NTPbrd
+++ b/Shorewall-common/macro.NTPbrd
@ -13,6 +13,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT NTPbrd
 PARAM	-		-		udp	123
 PARAM	-		-		udp	1024:	123
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.PCA
+++ b/Shorewall-common/macro.PCA
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT PCAnywhere
 PARAM	-	-	udp	5632
 PARAM	-	-	tcp	5631
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.POP3
+++ b/Shorewall-common/macro.POP3
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT POP3
 PARAM	-	-	tcp	110
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.POP3S
+++ b/Shorewall-common/macro.POP3S
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT POP3S
 PARAM	-	-	tcp	995	# Secure POP3
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Ping
+++ b/Shorewall-common/macro.Ping
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Ping
 PARAM	-	-	icmp	8
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.PostgreSQL
+++ b/Shorewall-common/macro.PostgreSQL
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT  PostgreSQL
 PARAM	-	-	tcp	5432
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Printer
+++ b/Shorewall-common/macro.Printer
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Printer
 PARAM	-	-	tcp	515
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.RDP
+++ b/Shorewall-common/macro.RDP
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Remote Desktop
 PARAM	-	-	tcp	3389
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Rdate
+++ b/Shorewall-common/macro.Rdate
@ -12,5 +12,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Rdate
 PARAM	-	-	tcp	37
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Rsync
+++ b/Shorewall-common/macro.Rsync
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Rsync
 PARAM	-	-	tcp	873
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.SMB
+++ b/Shorewall-common/macro.SMB
@ -12,6 +12,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT SMB
 PARAM	-	-	udp	135,445
 PARAM	-	-	udp	137:139
 PARAM	-	-	udp	1024:	137
--- a/Shorewall-common/macro.SMBBI
+++ b/Shorewall-common/macro.SMBBI
@ -12,6 +12,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT SMBBI
 PARAM	-	-	udp	135,445
 PARAM	-	-	udp	137:139
 PARAM	-	-	udp	1024:	137
--- a/Shorewall-common/macro.SMBswat
+++ b/Shorewall-common/macro.SMBswat
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Swat
 PARAM	-	-	tcp	901
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.SMTP
+++ b/Shorewall-common/macro.SMTP
@ -16,5 +16,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT SMTP
 PARAM	-	-	tcp	25
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.SMTPS
+++ b/Shorewall-common/macro.SMTPS
@ -13,5 +13,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT SMTPS
 PARAM	-	-	tcp	465
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.SNMP
+++ b/Shorewall-common/macro.SNMP
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT SNMP
 PARAM	-	-	udp	161:162
 PARAM	-	-	tcp	161
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.SPAMD
+++ b/Shorewall-common/macro.SPAMD
@ -8,5 +8,7 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Spamd
 PARAM	-	-	tcp	783
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.SSH
+++ b/Shorewall-common/macro.SSH
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT SSH
 PARAM	-	-	tcp	22
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.SVN
+++ b/Shorewall-common/macro.SVN
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Subversion
 PARAM	-	-	tcp	3690
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.SixXS
+++ b/Shorewall-common/macro.SixXS
@ -3,11 +3,14 @@
 #
 # /usr/share/shorewall/macro.SixXS
 #
-#	This macro handles SixXS -- An IPv6 Deployment and Tunnel Broken
+#	This macro handles SixXS -- An IPv6 Deployment and Tunnel Broker
 #
 ###############################################################################
 #ACTION		SOURCE		PROTO	DEST	SOURCE	RATE	USER/
 #					PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT SixXS
 PARAM		-		-	tcp	3874      # Used for retrieving the tunnel information (eg by AICCU)
 PARAM		-		-	udp	3740      # Used for signaling where the current IPv4 endpoint
 						          # of the tunnel is and that it is alive
--- a/Shorewall-common/macro.Submission
+++ b/Shorewall-common/macro.Submission
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Submission
 PARAM	-	-	tcp	587
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Syslog
+++ b/Shorewall-common/macro.Syslog
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Syslog
 PARAM	-	-	udp	514
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.TFTP
+++ b/Shorewall-common/macro.TFTP
@ -10,5 +10,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT TFTP
 PARAM	-	-	udp	69
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Telnet
+++ b/Shorewall-common/macro.Telnet
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Telnet
 PARAM	-	-	tcp	23
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Telnets
+++ b/Shorewall-common/macro.Telnets
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Telnets
 PARAM	-	-	tcp	992
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Time
+++ b/Shorewall-common/macro.Time
@ -10,5 +10,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Time
 PARAM	-	-	tcp	37
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Trcrt
+++ b/Shorewall-common/macro.Trcrt
@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Traceroute
 PARAM	-	-	udp	33434:33524 # UDP Traceroute
 PARAM	-	-	icmp	8	    # ICMP Traceroute
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.VNC
+++ b/Shorewall-common/macro.VNC
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT VNC
 PARAM	-	-	tcp	5900:5909
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.VNCL
+++ b/Shorewall-common/macro.VNCL
@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT VNC Listen Mode
 PARAM	-	-	tcp	5500
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Web
+++ b/Shorewall-common/macro.Web
@ -10,6 +10,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Web
 PARAM	-	-	tcp	80	# HTTP (plaintext)
 PARAM	-	-	tcp	443	# HTTPS (over SSL)
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Webmin
+++ b/Shorewall-common/macro.Webmin
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Webmin
 PARAM	-	-	tcp	10000
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/macro.Whois
+++ b/Shorewall-common/macro.Whois
@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
 COMMENT Whois
 PARAM	-	-	tcp	43
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -191,6 +191,37 @@ Other changes in Shorewall 4.1.2.
    DMZ traffic. I use CLASSIFY rules to assign traffic to the first
    and third class and let the rest default to the second class.
 5)  COMMENT lines are now supported in macro bodies by Shorewall-perl
    and are ignored by the Shorewall-shell compiler. The standard
    macros (with the exception of macro.Drop and macro.Reject) have
    been modified to include a COMMENT line describing the macro.
    COMMENT lines in macros work slightly differently from COMMENT
    lines in other files. COMMENT lines in macros are ignored if
    COMMENT support is not available or if there was a COMMENT in use
    when the top-level macro was invoked. This allows the
    following:
 	/usr/share/shorewall/macro.SSH:
 	    #ACTION SOURCE  PROTO   DEST    SOURCE  RATE    USER/
 	    #                       PORT(S) PORT(S) LIMIT   GROUP
 	    COMMENT SSH
 	    PARAM   -       -       tcp     22
 	/etc/shorewall/rules:
 	    COMMENT Allow SSH from home
 	    SSH/ALLOW     net:$MYIP	$FW
 	    COMMENT
 	The comment line in macro.SSH will not override the 
 	COMMENT line in the rules file and the generated rule will show
 		/* Allow SSH from home */
 	when displayed through the Shorewall show and dump commands.
 Migration Issues.
 1)  Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero
--- a/Shorewall-perl/Shorewall/Actions.pm
+++ b/Shorewall-perl/Shorewall/Actions.pm
@ -405,7 +405,9 @@ sub process_macro1 ( $$ ) {
    push_open( $macrofile );
    while ( read_a_line ) {
-	my ( $mtarget, $msource,  $mdest,  $mproto,  $mports,  $msports, $ mrate, $muser ) = split_line 1, 8, 'macro file';
+	my ( $mtarget, $msource,  $mdest,  $mproto,  $mports,  $msports, $ mrate, $muser ) = split_line1 1, 8, 'macro file';
 	next if $mtarget eq 'COMMENT';
 	$mtarget =~ s/:.*$//;
@ -576,13 +578,20 @@ sub process_action( $$$$$$$$$$ ) {
 sub process_macro3( $$$$$$$$$$$ ) {
    my ( $fn, $param, $chainref, $action, $source, $dest, $proto, $ports, $sports, $rate, $user ) = @_;
    my $nocomment = no_comment;
    progress_message "..Expanding Macro $fn...";
    push_open $fn;
    while ( read_a_line ) {
-	my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 1, 8, 'macro file';
+	my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line1 1, 8, 'macro file';
 	if ( $mtarget eq 'COMMENT' ) {
 	    process_comment unless $nocomment;
 	    next;
 	}
 	if ( $mtarget =~ /^PARAM:?/ ) {
 	    fatal_error 'PARAM requires that a parameter be supplied in macro invocation' unless $param;
@ -628,7 +637,9 @@ sub process_macro3( $$$$$$$$$$$ ) {
    pop_open;
-    progress_message '..End Macro'
+    progress_message '..End Macro';
    clear_comment unless $nocomment;
 }
 #
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@ -69,6 +69,7 @@ our %EXPORT_TAGS = (
 				       add_command
 				       add_commands
 				       process_comment
 				       no_comment
 				       clear_comment
 				       incr_cmd_level
 				       decr_cmd_level
@ -348,6 +349,13 @@ sub process_comment() {
    }
 }
 #
 # Returns True if there is a current COMMENT or if COMMENTS are not available.
 #
 sub no_comment() {
    $comment ? 1 : $capabilities{COMMENTS} ? 0 : 1;
 }
 #
 # Clear the $comment variable
 #
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@ -824,13 +824,20 @@ sub process_rule1 ( $$$$$$$$$$$ );
 sub process_macro ( $$$$$$$$$$$$$ ) {
    my ($macrofile, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $wildcard ) = @_;
    my $nocomment = no_comment;
    progress_message "..Expanding Macro $macrofile...";
    push_open $macrofile;
    while ( read_a_line ) {
-	my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 1, 8, 'macro file';
+	my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line1 1, 8, 'macro file';
 	if ( $mtarget eq 'COMMENT' ) {
 	    process_comment unless $nocomment;
 	    next;
 	}
 	$mtarget = merge_levels $target, $mtarget;
@ -884,9 +891,11 @@ sub process_macro ( $$$$$$$$$$$$$ ) {
    pop_open;
-    progress_message "..End Macro $macrofile"
+    progress_message "..End Macro $macrofile";
 }
    clear_comment unless $nocomment;
 }
 #
 # Once a rule has been expanded via wildcards (source and/or dest zone == 'all'), it is processed by this function. If
 # the target is a macro, the macro is expanded and this function is called recursively for each rule in the expansion.
--- a/Shorewall-shell/compiler
+++ b/Shorewall-shell/compiler
@ -2503,6 +2503,9 @@ process_macro() # $1 = target
    progress_message "..Expanding Macro $(find_file macro.${itarget%%:*})..."
    while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
 	[ mtarget eq 'COMMENT' ] && continue
 	mtarget=$(merge_levels $itarget $mtarget)
 	case $mtarget in
--- a/Shorewall-shell/lib.actions
+++ b/Shorewall-shell/lib.actions
@ -642,6 +642,9 @@ process_actions1() {
 					    progress_message "   ..Expanding Macro $fn..."
 					    while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
 						[ $mtarget eq COMMENT ] && continue
 						temp="${mtarget%%:*}"
 						case "$temp" in
 						    ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE|PARAM)
@ -790,8 +793,11 @@ process_action3() {
 	    esac
 	    progress_message "..Expanding Macro $(find_file macro.$xtarget1)..."
 	    while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
 		[ $mtarget eq COMMENT ] && continue
 		mtarget=$(merge_levels $xaction2 $mtarget)
 		case $mtarget in